I would suggest some further reading to get a better understanding of what you're trying to do and what ettercap does. As to ip_forwarding, I would let ettercap forward the packets. You need to enable arp:remote and also include your gateway in the target list.

This is a brief summary of how the attack works:

1. Attacker connects to the network
2. Attacker sends specific ARP replies to the gateway and victim so that packets are routed through him
3. Victim requests a website using SSL
4. Attacker relays this request to the actual Server
5. Server replies with a certificate
6. Attacker swaps his own certificate for the Server's
7. Victim accepts the fake certificate and submits his credentials
8. Attacker decrypts the message, logs it, and then re-encrypts it with the Server's certificate
9. Further messages are relayed in a similar manner and the entire SSL session is captured transparently
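
A defender-side check for step 2 of the summary above, as an added example that is not part of the original post: it compares a trusted snapshot of the ARP table with the current one and flags a changed gateway MAC or one MAC answering for several IPs. The `arp -an` sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples in Linux `arp -an` format (not captured from a real network).
SAMPLE_BEFORE = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at 66:77:88:99:aa:bb [ether] on eth0
? (192.168.1.50) at de:ad:be:ef:00:01 [ether] on eth0
"""
SAMPLE_AFTER = """\
? (192.168.1.1) at de:ad:be:ef:00:01 [ether] on eth0
? (192.168.1.23) at 66:77:88:99:aa:bb [ether] on eth0
? (192.168.1.50) at de:ad:be:ef:00:01 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""

# "(ip) at mac"; entries shown as <incomplete> do not match and are skipped.
ARP_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F:]{17})\b")


def parse_arp_table(text):
    """Return {ip: mac} parsed from `arp -an` output."""
    return {ip: mac.lower() for ip, mac in ARP_LINE.findall(text)}


def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare a trusted baseline ARP table with the current one."""
    findings = []
    # 1. An IP whose MAC differs from the baseline (the gateway is the key case).
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, ip, old, mac))
    # 2. One MAC claimed by more than one IP in the current table.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("duplicate-mac", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    before = parse_arp_table(SAMPLE_BEFORE)
    after = parse_arp_table(SAMPLE_AFTER)
    for finding in find_arp_anomalies(before, after, "192.168.1.1"):
        print(finding)
```

A duplicate MAC can also be legitimate (a host with several addresses, proxy ARP), so the gateway change is the stronger signal of the two.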

I've got a basic understanding of what's happening. I'm guessing I've either knocked a setting out or inadvertently changed the etter.conf file somewhere without realising.

What's annoying me is that when I used ettercap for the first time, it sniffed the password no problem. I then got remote browser working, but then password sniff stopped working, then remote browser: 1 step forward, two steps back.

I've created a new thread explaining what happened, what I'm doing etc. (probably fresh installing BackTrack 3 and starting afresh).

You know when you mentioned about not setting the kernel to forward packets? From what I understand, that's why ettercap wasn't sniffing the Hotmail password?